Opinion
Beware the ‘Microsoft support’ scam – it cost Fran $30,000
Nicole Pedersen-McKinnon
Money contributorDear Nicole,
I read with interest your article on a Telstra rewards scam of an older lady, and Westpac’s response. My 76-year-old mother-in-law had almost $30,000 stolen by cybercriminals recently via a Facebook scam. She responded to a pop-up indicating that her laptop had been compromised and to phone “Microsoft support” for help. The scammers tricked her into providing all her bank login details and quickly stole her money. Bendigo Bank has investigated and advised they will not pay the money back because it was “her fault” that the scammers gained access to her accounts. We understand from the bank’s investigation that the funds were immediately moved offshore.
Is there anything she can do? For additional context, she is recently divorced and has virtually no assets – this was basically all of her savings from still working three days a week. Megan.
Scammers tricked Fran into providing all her bank login details and quickly stole her money.Credit: Shutterstock
Every one of these stories that land in my inbox – and there are a lot – are just so devastating. Though the elaborate, official-and-often-urgent-sounding ploy is varied, the purpose is always to trick victims into usually two things:
- Clicking on a link or a pop-up, which essentially leads fraudsters to the “gate”.
- Handing over passwords and/or security codes, akin to giving them the key.
The sinister cover story for which your mother-in-law Fran fell, was convincing.
- When she called the number given on the Microsoft support pop-up, “National Crime Authority” personnel answered … and said they were helping her not to be scammed. (Ironic eh?)
- They even gave her a “case ID” and the name of the person talking as “Peter Wilson”.
- They needed her passwords and she did also send the fraudsters the security code for the transaction, after they claimed she needed to act quickly so they could block any transfers.
- The amount of $29,800 was then transferred out in one lump sum.
No matter how sad or scary the subterfuge – never give up your passwords.
Fran/Megan, a difference I note with your experience with a fraudulent transfer – also facilitated by the victim being tricked into supplying the security code – is regards to detection of possible fraud by the institution … for a large transaction at that.
In the previous case you mention, Megan, Westpac contacted and queried the bank account owner straight away. To my knowledge, Bendigo Bank did not. Meanwhile, its scam advice has three pillars:
- STOP– Don’t give money or personal information to anyone if unsure.
- THINK – Ask yourself: Could the message or call be fake?
- PROTECT– Act quickly if something feels wrong.
Fran did the last one, contacting Bendigo Bank the same day. She has since sent a complaints letter and received no reply.
The bank sent a text on September 26 saying it would contact her by telephone within five days to provide an update. It did not.
Fran was later told her case had been handed to another person and she was finally called on Friday… and advised the fault was hers, so Bendigo Bank has no liability.
This is unlike Westpac’s response to this column’s queries several weeks ago: it “escalated” the $1,987.85 Telstra reward fraud case and reimbursed the customer in full. Perhaps $29,800 is just too much of a stretch for Bendigo Bank to act as admirably.
Bendigo Bank previously told me it cannot comment on individual cases saying only: “Bendigo Bank attempts to recover funds lost to scams wherever possible and it goes without saying when the bank is at fault, we will reimburse customers for the loss of funds.
“Goodwill payments are sometimes made at the discretion of the bank and may take into account a variety of factors.”
The moral of the story for other readers is that – no matter how sad or scary the subterfuge – never give up your passwords. And those security pins are yours and yours only. Not just the con but any compensation may depend on it.
Meanwhile, for Fran, a Bendigo Bank announcement last Wednesday appears to both admit and underscore a failing. It has just begun using the advanced security tool NameCheck to screen all payments whenever customers enter the BSB and account number for a new payee.
A spokesperson said: “Using insights from available payment data, NameCheck will give an indication as to whether the details provided appear legitimate.” Tragically too late in this case.
It will be interesting to see what blame proposed new laws will soon place at the feet of banks (and telcos), rather than victims. And, if under threat of $50 million fines, they will be compelled – rather than decide case-by-case – to cough up.
Nicole Pedersen-McKinnon is the author of How to Get Mortgage-Free Like Me, available at www.nicolessmartmoney.com. Follow Nicole on Facebook, X and Instagram.
- Advice given in this article is general in nature and is not intended to influence readers’ decisions about investing or financial products. They should always seek their own professional advice that takes into account their own personal circumstances before making any financial decisions.
Expert tips on how to save, invest and make the most of your money delivered to your inbox every Sunday. Sign up for our Real Money newsletter.